job-hunt

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly asks the user to upload screenshots of public job-detail pages (Step 3) which are processed by the job-hunt-fetcher into JD files stored in .work/jd-pool and then read by the analyzer/tailor (Steps 4–6), meaning the agent ingests untrusted third-party content from public websites that can materially influence its analysis and actions.